From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Andrew Honig <ahonig@google.com>
Date: Wed, 10 Jan 2018 10:12:03 -0800
Subject: [PATCH] KVM: x86: Add memory barrier on vmcs field lookup
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit 75f139aaf896d6fdeec2e468ddfa4b2fe469bf40 upstream.

This adds a memory barrier when performing a lookup into
the vmcs_field_to_offset_table. This is related to

Signed-off-by: Andrew Honig <ahonig@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

arch/x86/kvm/vmx.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
24 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
25 index 6704e716efdc..5b5413c23395 100644
26 --- a/arch/x86/kvm/vmx.c
27 +++ b/arch/x86/kvm/vmx.c
28 @@ -883,8 +883,16 @@ static inline short vmcs_field_to_offset(unsigned long field)
30 BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX);
32 - if (field >= ARRAY_SIZE(vmcs_field_to_offset_table) ||
33 - vmcs_field_to_offset_table[field] == 0)
34 + if (field >= ARRAY_SIZE(vmcs_field_to_offset_table))
38 + * FIXME: Mitigation for CVE-2017-5753. To be replaced with a
39 + * generic mechanism.
43 + if (vmcs_field_to_offset_table[field] == 0)
46 return vmcs_field_to_offset_table[field];
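Review bot: the FIXME comment that sits between the `field >= ARRAY_SIZE(vmcs_field_to_offset_table)` check and the `vmcs_field_to_offset_table[field] == 0` read names CVE-2017-5753 but does not say why the single `||` condition had to be split in two. CVE-2017-5753 is the bounds-check-bypass variant of Spectre, so the ordering is the whole point: the barrier the commit message describes has to come after the range check and before both reads of the table (the `== 0` test and the final `return vmcs_field_to_offset_table[field]`). Please say that in the comment, for example "the barrier must stay between the bounds check and any read of vmcs_field_to_offset_table[field]", so that a later cleanup that folds the two `if` statements back together does not silently remove the mitigation. The "To be replaced with a generic mechanism" wording would also be easier to follow up on if it named what it is waiting for.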